Human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) are being targeted by new mobile malware spread through a news app. Cisco Talos and the Yahoo Advanced Cyber Threats Team discovered the malicious Android mobile app, which masquerades as a variant of the Sahara Press Service app run by a SADR-associated media agency. Researchers at Cisco Talos believe the spying campaign began in January and is still in its early stages. The custom-built app was distributed via spearphishing emails sent to human rights activists in Morocco and SADR.

Threat actors spreading Raspberry Robin are now using Windows Script Files (WSFs), in addition to other methods, such as USB drives. A WSF is a file type generally used by administrators and legitimate software to automate tasks in Windows. HP Threat Research discovered new campaigns starting in March 2024 where Raspberry Robin was being spread with anti-analysis techniques through highly obfuscated WSFs. The Windows worm, discovered in 2021, was initially spread to target hosts via removable media.

Researchers at the University of Guelph have presented an innovative framework that could be used to protect data in the interconnected world. It is a new approach to developing apps and services. A recently published study describes the two-level solution that improves the framework currently used in smart devices. One level works locally on the device, protecting sensitive data as it travels to the central server. The second level ensures that any data is encrypted even as it is being processed.

A threat actor, tracked as "TA547," is running a PowerShell script believed to have been developed with the help of an Artificial Intelligence (AI) system, such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot. In March, the adversary used the script in an email campaign to deliver the Rhadamanthys information stealer to organizations in Germany. Proofpoint researchers attributed the attack to TA547, who is suspected of being an Initial Access Broker (IAB). TA547 has been active since at least 2017, delivering malware to Windows and Android systems.

The growing popularity of Electric Vehicles (EVs) attracts not only gas-conscious consumers but also cybercriminals interested in using EV charging stations to conduct large-scale cyberattacks. Charging points, whether in a private garage or on a public parking lot, are online and running software that interacts with payment systems and the electric grid. They also store driver identities. Therefore, charging stations pose significant cybersecurity risks.

A critical vulnerability, dubbed "BatBadBut," in the Rust standard library could be used to target Windows systems and launch command injection attacks. A security engineer from Flatt Security discovered the flaw, which allows an attacker to perform command injection on Windows applications that indirectly rely on the 'CreateProcess' function when certain conditions are met. This article continues to discuss findings regarding the BatBadBut vulnerability.

Cybersecurity researchers at VU Amsterdam University have highlighted a new variation of the Spectre v2 attack that is aimed at Intel processors. When the Spectre and Meltdown CPU attacks were made public in 2018, Spectre v2 or Spectre BTI (Branch Target Injection) was considered the most dangerous variant. Even though CPU makers and others have been working on hardware and software defenses, researchers are still finding new ways to do these attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a new release of its malware analysis system, "Malware Next-Gen." The system welcomes any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen enables CISA to better support its partners by automating the analysis of newly identified malware and improving cyber defense efforts. Network defenders responding to cyber incidents and hunting threats need up-to-date, useful information about malware, like how it works and what it is meant to do.

The National Security Agency (NSA) has published guidance on improving data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Data Pillar" aim to ensure that only authorized individuals have access to data. The capabilities described in the CSI are integrated into a comprehensive Zero Trust (ZT) framework.

Researchers have found two new Microsoft SharePoint flaws, posing a significant threat to businesses. These vulnerabilities could enable attackers to bypass audit logs, avoid triggering downloads, and exfiltrate SharePoint data. SharePoint is widely used in government and business, with an estimated 250,000 organizations relying on it for document and intranet management. The platform is particularly popular among Fortune 500 companies.